Nytro
Posted December 18, 2011

[h=3]Anti-Rootkit Tool - Tuluka Kernel Inspector[/h]

Here's the new Anti-Rootkit tool - "Tuluka Kernel Inspector" - by Libertad from Tuluka.org.

It has the following core features:

- Detects hidden processes, drivers and devices
- Detects IRP hooks
- Identifies the substitution of certain fields in the DRIVER_OBJECT structure
- Checks driver signatures
- Detects and restores SSDT hooks
- Detects suspicious descriptors in GDT
- IDT hook detection
- SYSENTER hook detection
- Displays the list of system threads and allows you to suspend them
- IAT and Inline hook detection
- Shows the actual values of the debug registers, even if reading these registers is controlled by someone
- Allows you to find the system module by the address within this module
- Allows you to display contents of kernel memory and save it to disk
- Allows you to dump kernel drivers and main modules of all processes
- Allows you to terminate any process
- Is able to disassemble interrupt and IRP handlers, system services, start routines of system threads and many more
- Allows you to build the stack for the selected device
- Many more...

It is tested on the following operating systems (32-bit):

- Windows XP SP0, SP1, SP2, SP3
- Windows Server 2003 SP0, SP1, SP2, R2
- Windows Vista SP0, SP1, SP2
- Windows Server 2008 SP0, SP1, SP2
- Windows 7 SP0, SP1

Though it currently supports only the 32-bit version, support for 64-bit is expected in upcoming versions.

You can download it from here:
http://www.tuluka.org/Download.html

Source: SecurityXploded Forum • View topic - New Anti-Rootkit Tool - Tuluka Kernel Inspector